All product code and configuration is peer reviewed both by standardized checklists and based on the knowledge and experience of the reviewer. Depending on what kind of project or change is made, different standard frameworks are considered, eg. OWASP, CIS, STIG etc.